Administration Console Online Help

Remote Tuxedo Access Points: Security

Use this page to define the security configuration of a remote Tuxedo
access point that will be used with this WTC Service.

Access Control Lists (ACLs) limit the access to local services within a
local Tuxedo access point by restricting the remote Tuxedo access points
that can execute these services. Inbound policy from a remote Tuxedo
access point is specified using the AclPolicy element.
Outbound policy towards a remote Tuxedo access point is specified using
the CredentialPolicy element. This allows WebLogic Server and
Tuxedo applications to share the same set of users, and the users are able
to propagate their credentials from one system to the other. WebLogic
Tuxedo Connector provides the following AppKey Generator plug-ins to
provide user security information to Tuxedo:

TpUsrFile—Provides traditional Tuxedo TpUsrFile functionality for
users who do not need single point security administration or custom
security authentication.

LDAP—Provides single point security administration that allows you
to maintain user security information in a WebLogic Server embedded LDAP
server and use the WebLogic Server Console to administer the security
information from a single system. Requires Tuxedo 8.1 and higher.

Custom—Provides the ability for you to create customized security
authentication.

AclPolicy (inbound policy from a remote Tuxedo access point):

LOCAL: The local Tuxedo access point modifies the identity of
service requests received from a given remote Tuxedo access point
to the principal name specified in the local principal name for a
given remote Tuxedo access point.

GLOBAL: The local Tuxedo access point passes the service request
with no change in identity.

CredentialPolicy (outbound policy towards a remote Tuxedo access point):

LOCAL: The remote Tuxedo access point controls the identity of
service requests received from the local Tuxedo access point to the
principal name specified in the local principal name for this
remote Tuxedo access point.

GLOBAL: The remote Tuxedo access point passes the service
request with no change.

Note: If the anonymous user is allowed to access Tuxedo,
the default AppKey will be used for TpUsrFile and
LDAP AppKey plug-ins. Interaction with the
Custom AppKey plug-in depends on the design of the
Custom AppKey generator.

LDAP: The LDAP plug-in utilizes an embedded LDAP
server to provide user security information. The user record must
define the Tuxedo UID and GID information in the description field.
This functionality is not supported in previous releases of
WebLogic Tuxedo Connector.

Custom: The Custom plug-in provides the ability to
write your own AppKey generator class to provide the security
information required by Tuxedo. This functionality is not supported
in previous releases of WebLogic Tuxedo Connector.

The full path to the user password file containing UID/GID
information. (This field is only relevant if you specify
TpUsrFile as the AppKey Generator.)

Note: This file is generated by the Tuxedo
tpusradd utility on the remote Tuxedo domain specified
by the remote Tuxedo access point. A copy of this file must be
available in your WebLogic Tuxedo Connector environment to provide
correct authorization, authentication, and auditing.
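
The following consistency check for the settings described on this page is an added example, not part of the original help text or of WebLogic itself. The dictionary keys (acl_policy, credential_policy, appkey_generator, tp_usr_file, allow_anonymous) are hypothetical names chosen for the example, and the file permission rule is an assumption of the example rather than a documented requirement.

```python
import os
import stat
import tempfile

POLICIES = {"LOCAL", "GLOBAL"}
GENERATORS = {"TpUsrFile", "LDAP", "Custom"}

def check_remote_access_point(cfg):
    """Return findings; cfg keys are hypothetical, not WebLogic's schema."""
    findings = []
    for key in ("acl_policy", "credential_policy"):
        if cfg.get(key) not in POLICIES:
            findings.append(f"{key}: expected LOCAL or GLOBAL, got {cfg.get(key)!r}")
    gen = cfg.get("appkey_generator")
    if gen not in GENERATORS:
        findings.append(f"appkey_generator: unknown plug-in {gen!r}")
    path = cfg.get("tp_usr_file")
    if gen == "TpUsrFile":
        # The page requires a copy of the tpusradd-generated file on the WTC side.
        if not path or not os.path.isfile(path):
            findings.append("tp_usr_file: missing, UID/GID lookups cannot work")
        # Assumption of this example: the file should not be group/other writable.
        elif os.stat(path).st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append("tp_usr_file: writable by group or others")
    elif path:
        # The field is only relevant when TpUsrFile is the AppKey Generator.
        findings.append(f"tp_usr_file: ignored because generator is {gen}")
    if cfg.get("allow_anonymous"):
        if gen in ("TpUsrFile", "LDAP"):
            findings.append("allow_anonymous: anonymous requests get the default AppKey")
        elif gen == "Custom":
            findings.append("allow_anonymous: behaviour depends on the Custom generator")
    return findings

def demo():
    """Run the check on constructed sample settings and return the findings."""
    with tempfile.NamedTemporaryFile(delete=False) as fh:
        fh.write(b"constructed placeholder, not a real tpusr file\n")
    os.chmod(fh.name, 0o664)  # deliberately group-writable sample file
    cfg = {"acl_policy": "LOCAL", "credential_policy": "GLOBAL",
           "appkey_generator": "TpUsrFile", "tp_usr_file": fh.name,
           "allow_anonymous": True}
    try:
        return check_remote_access_point(cfg)
    finally:
        os.unlink(fh.name)

if __name__ == "__main__":
    for line in demo():
        print(line)
```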